Data governance programs involve many people: in addition to your governance team, they will impact employees, customers and partners as well. Therefore, you will need to establish accountability and responsibility through a matrix such as RACI (which stands for responsible, accountable, consulted and informed). This ensures everyone knows their roles and responsibilities within your program and makes sure everyone contributes towards its success.
Hong Kong data protection is governed by the Personal Data Protection Ordinance (PDPO), which sets out both data subject rights and user obligations while also outlining six data protection principles pertaining to collection, processing, holding, and use of personal data. While PDPO does not cover non-personal data specifically, certain exemptions do exist; including for purposes such as safeguarding Hong Kong security and defense capabilities as well as international relations as well as crime detection/prevention activities or duties collection/assessments as well as news reporting activities or life threatening emergencies.
There have been suggestions that the PDPO could be amended in the future to align more closely with GDPR when it comes to personal data definition. If this were to occur, this would have significant ramifications on businesses who use data-related technologies or collect or process personal information that can identify individuals such as cloud computing services, online advertising networks, or social networking sites; data aggregators; as well as any service providers that collect and process personal information for others will all be affected by its changes.
